502 - Web server received an invalid response while acting as a gateway or proxy server.

[modemgeek]

On one particular webapp, we started getting this 502 error when going to the /letsencrypt/ We haven't made any changes to it. I have also tried upgrade to 0.9.6 (from 0.9.5) but same issue happens. Once you are on /letsencrypt and click Next it hangs for a bit and then the 502 error pops up. Any idea of what is causing this behavior or where I can look for errors?

I can also browse to /letsencrypt/Home/Install and select a hostname. When I click the button request and install certificate, I get the same 502 error.

[RobDeVoer]

My sites have been out all day due to somehow the certificates generated through the webjobs not being valid? Looked and tried for a long time to resolve this but unable to. Bought a few certificates to get my clients back online. Hoping for a solution to the 502 error before I have more sites needing a certificate.

@shanselman any feedback from the service team?

[DylanTusler]

This worked for me too. Adding the connection string settings and restarting (actually stopping and starting because there was no Restart button) the web job resulted in the certificate for my site being renewed immediately. (It would've expired in 4 days.) Thank you so much!

While this may work to renew certificates creating new ones still doesn't work.

I'd also like to know (and this should be specified in the documentation) if the ConnectionStrings are set as appsettings or as connectionstrings.

Doesn't matter. I've done it both ways.

[DylanTusler]

Firstly, thanks @sjkp this really is a great extension!

I'm having the same issue as above when creating a new certificate and tried the above, however my web job is stuck in "Pending Restart" with the error below:

Any ideas anyone? Thanks in advance!

The configuration is not properly set for the Microsoft Azure WebJobs Dashboard. A connection string named AzureWebJobsDashboard is not well-formed. In your Microsoft Azure Website configuration you must set a connection string named AzureWebJobsDashboard by using the following format DefaultEndpointsProtocol=https;AccountName=NAME;AccountKey=KEY pointing to the Microsoft Azure Storage account where the Microsoft Azure WebJobs Runtime logs are stored. Please visit the article about configuring connection strings for more information on how you can configure connection strings in your Microsoft Azure Website.

I had that problem too. I found if you copy the connection string from the storage object itself as I detailed above, that resolved this issue.

[sjkp]

Hi friends (as hanselman would have said it) Microsoft have a work around. We need to browse the KUDU/SCM site using basic auth not SSO.

Basic Auth is available using https://<yoursite>.scm.azurewebsites.net/basicauth the username + password you need to use are those from the publishing crendential file userName and userPWD

[bcornett]

Basic auth worked great for me, thanks for the work around!

[shanselman]

Just to make it SUPER clear if someone shows up here, @sjkp, the steps (until this is fixed) to force a refresh are:

• Visit https://YOURSITE.scm.azurewebsites.net/basicauth
  • Auth with the dialog, using your FTP/deployment user and pass
• Visit https://YOURSITE.scm.azurewebsites.net/letsencrypt/home/install

[bclevering]

Hi friends (as hanselman would have said it) Microsoft have a work around. We need to browse the KUDU/SCM site using basic auth not SSO.

Basic Auth is available using https://<yoursite>.scm.azurewebsites.net/basicauth the username + password you need to use are those from the publishing crendential file userName and userPWD

-- when i try this i get the following error while requesting the certificate:

[lhuswe]

Basic auth worked great!

[Luunk]

Basic auth works for new .NET core sites as well 👍 Just installed a fresh new cert on a site. Thx for all hard work, and a great extension!

[Variel]

Basic auth works very well! thanks 👍

[sanderdam]

Fresh new user of the webjob here. The workaround by using basicauth to login to kudu, scm worked like a charm!

[stephanjohnson]

The workaround of using basicauth worked for me as well.

Thanks for everyone working on this.

@sjkp you're awesome

[garethrampton]

Hi friends (as hanselman would have said it) Microsoft have a work around. We need to browse the KUDU/SCM site using basic auth not SSO. Basic Auth is available using https://<yoursite>.scm.azurewebsites.net/basicauth the username + password you need to use are those from the publishing crendential file userName and userPWD

-- when i try this i get the following error while requesting the certificate:

Seeing exactly this issue here too

[webmatikbg]

The workaround of using basicauth worked for me as well.

Thanks

[sjkp]

@garethrampton @bclevering do you have an app setting configured with letsencrypt:AcmeBaseUri that points to one of the old endpoints? Please use https://acme-v02.api.letsencrypt.org/directory or https://acme-staging-v02.api.letsencrypt.org/directory for the new V2 endpoints. I'm not sure my 1.0.1 patch handles if you had these configure before, and just did and upgrade.

[garethrampton]

@sjkp I did have the correct v2 endpoint configure in my app settings, but since removed it - along with the email and hostnames config options too to see if that was impacting things - no change.

Interestingly though - with the same app service plan last night the App Service Acmebot function app was also failing to succeed for the same app, yet this morning it has worked and installed a new certificate.

The app service is in the UK South region, and was newly spun up, so had no pre-existing SSL installed if that makes a difference.

At least now I've got the SSL installed the extension will hopefully now continue to renew with the WebJob.

[bclevering]

@garethrampton @bclevering do you have an app setting configured with letsencrypt:AcmeBaseUri that points to one of the old endpoints? Please use https://acme-v02.api.letsencrypt.org/directory or https://acme-staging-v02.api.letsencrypt.org/directory for the new V2 endpoints. I'm not sure my 1.0.1 patch handles if you had these configure before, and just did and upgrade.

@sjkp I did update the appsettings in Azure and also did a manual reset of the web app. But still the same issue appears. :(

[dlucre]

Using BasicAuth also worked for me. Once again, Scott comes to the rescue. If you keep getting prompted for the user/pass when trying basic auth, it might be because you're providing the username in the DOMAIN\$USERNAME format. If so, use $USERNAME only.

[Jjarrard]

Possibly a stupid question: I'm just using an app service to host a .net core project, and don't have the options to FTP and never set up a username or password. BasicAuth requires a username and password, is it possible to create a user/pass?, or am I not going to be able to use the work around?

[osvaldolove]

@Jjarrard try downloading the Publish Profile from the overview tab. Credentials should be in the file.

[Jjarrard]

@osvaldolove brilliant, thanks!

Work around worked, thanks so much guys!

[Marcel0024]

Workaround also worked for me!

[Jabe]

To get the credentials, just open the App Service in the Azure Portal, go to Deployment Center ...

• (if nothing is set up) choose FTP and find the Dashboard button at the bottom of the blade
• (if you've set up deployment using Deployment Center before) find the FTP/Credentials button at the top of the blade

You can also use the Resource Explorer to access the API and navigate to config/publishingcredentials.

[davidverriere]

Using basicAuth and login with FTP credential withou domain works for me thanks Scott

[unencode]

Same here, works with Basic. Thanks for the workaround!

[jjghali]

@shanselman you are a lifesaver :dancer:

[valentim89]

Hi Guys,

I am having the same trouble. When I am attempting the "basicauth" workaround after entering my credentials I get "error 403 - This web app is stopped"

But it is not! Can you guys advise?

Thanks for all the effort

EDIT: It seems I was using the wrong Creds. So bypass this. However:

Any ideas?

NEW EDIT:

I should really learn to read before I post, I needed to update the plugin! I can confirm the basicauth also works for me!

Thanks a lot guys

[perrakay]

I'm the one who posted the question on Serverfault as mentioned by @tdoumas.

Changed to basicauth which got me a little bit further, but now I'm stuck with the exact same problem as @bclevering:

Also added the letsencrypt:AcmeBaseUri application setting, but it did not make any difference.

Thankful for help!

[seriousfish]

Basic Auth also worked for me, but the Webjob never gets created? Any instructions to create that manually with the settings I need?

[ahmelsayed]

Quick update from Azure side; a fix started rolling out yesterday, we're tracking updating some US regions today and finishing the upgrade globally by next week.

[sjkp]

Please update to 1.0.4 to get proper error reporting. And then make new issues, unless it is related to this one, if you still have errors.

[robertmclaws]

I'm still getting the same error with 1.0.4, even after totally uninstalling and reinstalling the extension. The only luck I had was with the /basicauth workaround. I have a couple other sites to set up, but I'll hold off for a couple days till the rest of the rollout happens.

[m4nthys]

Please update to 1.0.4 to get proper error reporting. And then make new issues, unless it is related to this one, if you still have errors.

I still have the same error with 1.1.4. =/ domain: icollect.com.br

[sjkp]

1.0.4 doesn't fix the 502 problem that Microsoft introduced, you still have to use basic auth, until their fix is rolled out. I can't fix the app service infrastructure ;)

[alfkla]

Hi, thanks for wonderfull extension, I use it a lot! I have updated it to 1.0.4 on one webapp today and tried to run it, but it still fails. Then I tried the login at https://.scm.azurewebsites.net/basicauth (with credentials from the publish profile) and got into the Kudu environment page. But what's next, if I try to continue using https://.scm.azurewebsites.net/letsencrypt/home/install (writing this url in the address field in my webbrowser) I only end up with this error:

Server Error in '/letsencrypt' Application. 'authority' Uri should have at least one segment in the path (i.e. https:////...) Parameter name: authority Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Any ideas of what I am doing wrong?

Kind regards, Alf

[shanselman]

I'm told the fix is being rolled out ASAP.

On Mon, Oct 14, 2019 at 4:20 AM Alf Normann Klausen < notifications@github.com> wrote:

Hi, thanks for wonderfull extension, I use it a lot! I have updated it to 1.0.4 on one webapp today and tried to run it, but it still fails. Then I tried the login at https://.scm.azurewebsites.net/basicauth (with credentials from the publish profile) and got into the Kudu environment page. But what's next, if I try to continue using https://. scm.azurewebsites.net/letsencrypt/home/install (writing this url in the address field in my webbrowser) I only end up with this error:

Server Error in '/letsencrypt' Application. 'authority' Uri should have at least one segment in the path (i.e. https:// //...) Parameter name: authority Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

[image: smsapi_error] https://user-images.githubusercontent.com/17759364/66747642-51167c80-ee85-11e9-8b44-f0f0f74dddbe.png

Any ideas of what I am doing wrong?

Kind regards, Alf

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sjkp/letsencrypt-siteextension/issues/331?email_source=notifications&email_token=AAAAWTHMXSMZFBQPFO65VXLQORIW5A5CNFSM4I4YPFD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEBEHQZQ#issuecomment-541620326, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAAWTBIRQVQ2CK4GSSSGTLQORIW5ANCNFSM4I4YPFDQ .

[RobDeVoer]

Big thanks @sjkp and @shanselman for your efforts to get this resolved. Really appreciated.

[sjkp]

@alfkla please start at https://<your-site>.scm.azurewebsites.net/letsencrypt/ unless you have already configured the site before. And use basicauth as you did, until we have a confirmation that the patch is applied globally.

[shanselman]

This should be patched everywhere now.

[kilasuit]

This should be patched everywhere now.

I can confirm this now looks to be working as expected as I have managed to get a new Certificate where I was unable to previously

[alfkla]

Thanks a lot @sjkp and @shanselman - now it works fine!

[Petryxasport]

@sjkp thanks, now everything works correctly!

[asp1egui]

Great article! Thanks!

I want to do a comment if you allow me.

https://dipoletechi.com/blog-post/502-web-server-received-an-invalid-response-while-acting-as-a-gateway-or-proxy-server-on-azure-web-app/

so the only option is to upgrade the service plan ?